Often the most brilliant ideas are the most simple. The hard part is being the first one to come up with the idea and put it to use. One such brilliant yet simple idea belongs to Alex Birsan, a researcher who came up with a method to breach 35 big tech companies, including Microsoft, Apple, Yelp, PayPal, Shopify, Netflix, Tesla and Uber, that earned him $130,000 in bug bounties.

This method relies on so-called “dependency confusion.” Basically, it exploits ambiguity about where a tool should look for the files a project depends on, in this case popular package managers like npm, PyPI and RubyGems. All of these package managers accept dependencies listed as bare names and try to resolve what the developer meant. If a name that is used only for an internal, private package is not also registered on the public registry, an attacker can publish a package under that name with a higher version number, and a resolver configured to check both the private and the public source will happily pull the attacker's copy.
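The resolution step described above, as an added illustration that is not code from the original post or from Birsan's research: a small Python simulation of two resolution policies over constructed private and public indexes. The package names, versions and index contents are made up for the example; the "naive" policy stands in for a resolver configured with both a private index and the public one, and versions are plain tuples rather than PEP 440 or semver strings.

```python
"""Simulated dependency resolution to illustrate dependency confusion.

Added example, not code from the original post or from Alex Birsan.
Package names, versions and index contents below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    name: str
    version: tuple  # (major, minor, patch); real resolvers parse PEP 440 / semver
    source: str     # "private" or "public"


def build_indexes():
    """Fresh copies of the constructed indexes.

    'acme-billing' exists only on the company's private index;
    'requests' is an ordinary public package.
    """
    private = {"acme-billing": [Candidate("acme-billing", (1, 4, 2), "private")]}
    public = {"requests": [Candidate("requests", (2, 31, 0), "public")]}
    return private, public


def attacker_publishes(public_index, name, version=(99, 0, 0)):
    """The attack: register the unclaimed internal name on the public index
    with a version number higher than anything the company ships."""
    public_index.setdefault(name, []).append(Candidate(name, version, "public"))


def resolve_naive(name, private_index, public_index):
    """Vulnerable policy: merge every configured index and take the highest
    version. This is what a client with an extra public index URL does."""
    candidates = private_index.get(name, []) + public_index.get(name, [])
    if not candidates:
        raise LookupError(f"no candidate for {name}")
    return max(candidates, key=lambda c: c.version)


def resolve_pinned(name, private_index, public_index, internal_names):
    """Hardened policy: names owned by the organisation are resolved only
    against the private index, whatever version the public index offers."""
    if name in internal_names:
        candidates = private_index.get(name, [])
    else:
        candidates = public_index.get(name, [])
    if not candidates:
        raise LookupError(f"no candidate for {name}")
    return max(candidates, key=lambda c: c.version)


def classify_internal_names(internal_names, public_index):
    """Exposure check: an internal name absent from the public index can be
    claimed by anyone; one that is present may already have been claimed."""
    return {
        name: ("claimed publicly" if name in public_index else "unclaimed")
        for name in sorted(internal_names)
    }


if __name__ == "__main__":
    private, public = build_indexes()
    internal = {"acme-billing"}
    print("before attack:", resolve_naive("acme-billing", private, public))
    print("exposure:", classify_internal_names(internal, public))
    attacker_publishes(public, "acme-billing")
    print("naive after attack:", resolve_naive("acme-billing", private, public))
    print("pinned after attack:", resolve_pinned("acme-billing", private, public, internal))
```

The pinned policy is what the real-world fixes amount to: npm scopes (@yourorg/name) bound to your registry, pip pointed at a single `--index-url` that serves a private proxy rather than adding the public index with `--extra-index-url`, and reserving your internal names on the public registries so the "unclaimed" state in the check above never occurs.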